Azure Sentinel Level 400
Hunting and using notebooks
Overview
• In this module you will learn how to hunt using Azure Sentinel.
Prerequisites
• Azure Sentinel Overview module.
• KQL workshop.
Hunting
© Microsoft Corporation Azure
Visualize data sets
Notebooks
• A web app for creating and running interactive documents.
• Documents contain:
  • Live code
  • Visualizations
  • Narrative text
• App server can be:
  • Free MS service
  • Azure VM, local Docker
• Data persistency
• Full scripting/programming environment (vs. declarative query)
• Sharing, Knowledge base
• Access to a wide variety of libraries:
  • Machine learning
  • Advanced data manipulation and analysis
  • Visualization
Also read Why Use Jupyter for Security Investigations
• Building notebooks on the fly
  • Tier 3 analysts requiring deep investigation capability
  • Hunters/threat intel analysts
• Authoring reusable notebooks
  • By Tier 3 analysts and SOC engineering
  • For use as template notebooks by Tier 1+
• Kqlmagic
• MSTICPy
Notebooks lab
Kqlmagic
MSTICPy
Why Use Jupyter for Security Investigations